Slackware 8.1: Samba 2.2.7 Moderate Security Update for Buffer Overflow

Here are the details from the Slackware 8.1 ChangeLog: ---------------------------- Wed Nov 20 16:51:23 PST 2002 patches/packages/samba-2.2.7-i386-1.tgz: Upgraded to samba-2.2.7. Some details (based on the WHATSNEW.txt file included in samba-2.2.7): This fixes a security hole discovered in versions 2.2.2 through 2.2.6 of Samba that could potentially allow an attacker to gain root access on the target machine. The word "potentially" is used because there is no known exploit of this bug, and the Samba Team has not been able to craft one ourselves. However, the seriousness of the problem warrants this immediate 2.2.7 release. There was a bug in the length checking for encrypted password change requests from clients. A client could potentially send an encrypted password, which, when decrypted with the old hashed password could be used as a buffer overrun attack on the stack of smbd. The attack would have to be crafted such that converting a